Providing Consulting Assistance and Expertise
The objective of this service offering is to provide InfoSec consulting assistance and expertise to perform an assessment of current IBM mainframe security within CLIENT as controlled by the IBM-RACF, CA Top Secret or CA ACF2 security system, with specific emphasis on PCI-DSS (Payment Card Industry – Data Security Standards) controls. The assessment is based upon a competent and professional review by a senior InfoSec security consultant of the existing security architecture, operation, organization and security audit findings.
A formal document will be delivered describing the findings and recommendations resulting from this security assessment. The document will provide the following deliverables:
- An executive summary containing a business level introduction followed by a summary of main findings and recommendations.
- A comprehensive inventory of the current implementation. This is primarily a quantitative analysis that conveys primary security metrics such as User ID counts, logging rates, enforcement levels, numbers of privileged users, number of users with security-bypass authority, new password requirements, obsolete User ID counts, etc. As many of the available metrics as possible are researched, inventoried, and explained within the project timeframe. A systems overview is also included.
- The findings and recommendations pertaining to approximately twelve primary areas of security concern. In each of these areas, four topics are documented: Justification for Review, Priority for Concern, Methodology and Approach, and Findings and Recommendation. The primary areas of study include:
  - IBM RACF Installation/Upgrade
  - Security Implementation Assessments
  - Role Based Access Control (RBAC) Implementation
  - CA Top Secret/ACF2 to IBM RACF conversion
  - Unix/Linux on Mainframe Security
  - Security Administration Support
  - Custom Security Programming/Reporting
  - TSO UADS conversion
A preliminary report will be delivered within ten (10) business days following the completion of onsite data gathering. The preliminary report will be reviewed in a meeting with CLIENT staff, after which any changes will be promptly incorporated and the final report delivered.
Let InfoSec and our highly skilled mainframe security consultants assist you in meeting your mainframe PCI compliance challenges.